Cyber Information Systems Security - Level 1
Northrop Grumman is seeking a Computer Systems Security Analyst (CSSA) to join the Information Systems Security (ISS) team in the Los Angeles South Bay area (Redondo Beach, Manhattan Beach, El Segundo). The ISS team consists of Information Systems Security Officers (ISSOs) and Information Systems Security Managers (ISSMs), Information Systems Security Engineers (ISSEs), and Information Systems Security Auditors (ISSAs). The selected candidate will perform one or more of these roles. The ISS organization has overall responsibility for providing security oversight to all Northrop Grumman classified systems under their respective purview.
This position will perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits. Assist in the implementation of the Risk Management Framework (RMF), through the required government policy (i.e., NISPOM, JSIG, ICD etc.), make recommendations on process tailoring, participate in and document process activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. Document the results of Assessment and Authorization activities and technical or coordination activity and prepare the System Security Plans and update the Plan of Actions and Milestones POA&M. Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.
Responsibilities will include, but are not limited to:
- Weekly Information Systems Security Audits – Collect and review audit logs/reports, evaluate for any errors in the collected logs, identify any security threats that occurred during the week, document the review, report to management if any anomalies were discovered. Identification of security threats requires the individual to understand the system being reviewed and to perform analysis of the data being audited.
- Security Configuration Management - Evaluate all inbound and outbound hardware to their respective restricted security boundaries. Coordinate with vendors to obtain Letters of Volatility (LOV) for each specific hardware make and model. Obtaining an LOV requires the individual to identify and evaluate many different types of memory. The individual must analyze the information provided by the vendor and confirm that the information provided relevant for the memory component and meets government compliance requirements. Coordinate with requesting Engineers/IT the completion of required entry/exit forms. Coordinate with IT appropriate sanitization steps have been completed prior to exit. Maintain System Security Plan documentation to accurately reflect approved changes.
- Security Account Administration - Internal NGC customers will routinely request general user and privileged user accounts for various information system environments. The employee will have to communicate the process to the customer and walk them through the steps of how to complete the appropriate security request form, where to route the form for approval for each environment, validate the users initial/refresher security training. If the user does not have the requisite training then coordinate scheduling of the training and provide the training themselves, update training records in the requisite security database. After the user account is created by IT, validate the appropriate technical security permissions and security groups have been implemented.
- System Security Plan Documentation - The employee is asked to evaluate vulnerabilities, mitigation techniques, and document residual risk. Additional problems include using Visio software to accurately represent floor layouts, network diagrams, and elevation diagrams. The employee also has to ensure existing processes and procedures they are following are accurately depicted in the documentation, identify any deltas and coordinate changes as necessary.
- Continuous Security Monitoring / Self Inspections - The employee will have to learn unique security software (e.g. LogParser, Newt, DISA SCC, DISA STIG viewer, Solar Winds, Purifile, EnCase, SPLUNK, NESSUS, etc…) in order to perform contractually required Continuous Security Monitoring. Each restricted area may have unique customer requirements therefore the required software knowledge may vary between program areas.
- Bachelor's degree in one of the qualifying fields of Science, Technology, Engineering, or Mathematics.
- A DoD IAM Level I Certification (CAP, GSLC, or Security CE).
- Current active Top Secret clearance.
- DoD 8570 IAM Level I Certification (CAP, GSLC, or Security CE).
- DoD 8570 IAT Level I Certification (A CE, Network CE, SSCP, or CCNA-Security).
- 1 - 4 years of experience performing Information Systems Security or Industrial Security duties.
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.
Meet Some of Northrop Grumman's Employees
Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.
Back to top